OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: Ren on February 26, 2016, 07:29:18 am

Title: OpenVPN Server broken after update
Post by: Ren on February 26, 2016, 07:29:18 am

I just updated OPNSENSE and my only OpenVPN Server instance is failing to start with the below error

Quote

Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:15:22   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init

Title: Re: OpenVPN Server broken after update
Post by: franco on February 26, 2016, 08:28:58 am

This is lighttpd (web GUI server) complaining about incompatibility with the latest OpenSSL CVE fix, but it is harmless -- your GUI is still accessible I reckon?

Can you provide your OpenVPN log instead?

Title: Re: OpenVPN Server broken after update
Post by: Ren on February 26, 2016, 04:24:31 pm

Here is the ouput from OpenVPN log. Service is still not starting after deleting and re-defining OpenVPN instance
N.B I replaced my public IP with MY_PUBLIC_IP_HERE

Quote

Feb 26 10:18:42   openvpn[59766]: Initialization Sequence Completed
Feb 26 10:18:42   openvpn[59766]: UDPv4 link remote: [undef]
Feb 26 10:18:42   openvpn[59766]: UDPv4 link local (bound): [AF_INET]MY_PUBLIC_IP_HERE:7443
Feb 26 10:18:41   openvpn[59766]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 10.1.8.1 10.1.8.2 init
Feb 26 10:18:41   openvpn[59766]: /sbin/ifconfig ovpns1 10.1.8.1 10.1.8.2 mtu 1500 netmask 255.255.255.255 up
Feb 26 10:18:41   openvpn[59766]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Feb 26 10:18:41   openvpn[59766]: TUN/TAP device /dev/tun1 opened
Feb 26 10:18:41   openvpn[59766]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 26 10:18:41   openvpn[59766]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Feb 26 10:18:41   openvpn[59766]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 26 10:18:41   openvpn[59305]: library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.09
Feb 26 10:18:41   openvpn[59305]: OpenVPN 2.3.10 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 28 2016
Feb 26 10:18:41   openvpn[29626]: SIGTERM[hard,] received, process exiting
Feb 26 10:18:40   openvpn[29626]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1558 10.1.8.1 10.1.8.2 init
Feb 26 10:18:40   openvpn[29626]: event_wait : Interrupted system call (code=4)
Feb 26 10:18:34   openvpn[29626]: Initialization Sequence Completed
Feb 26 10:18:34   openvpn[29626]: UDPv4 link remote: [undef]

Title: Re: OpenVPN Server broken after update
Post by: Ren on February 26, 2016, 04:51:12 pm

I checked the crash report log and nothing. the only thing i found was that my opnvpn instance kept starting and stopping

Quote

tun1: changing name to 'ovpns1'
ovpns1: link state changed to UP
ovpns1: link state changed to DOWN
ovpns1: link state changed to UP
ovpns1: link state changed to DOWN
tun1: changing name to 'ovpns1'
ovpns1: link state changed to UP
ovpns1: link state changed to DOWN
ovpns1: changing name to 'tun1'
tun1: changing name to 'ovpns1'
ovpns1: link state changed to UP
ovpns1: link state changed to DOWN
ovpns1: link state changed to UP

Title: Re: OpenVPN Server broken after update
Post by: franco on February 27, 2016, 12:27:53 pm

From what I can tell the OpenVPN log looks clean, the server starts up and ought to be accessible. Are you sure there's nothing in your network setup that might cause this? Check the firewall logs for dropped traffic for port 7443.